SHA256
1
0
forked from pool/strongswan

Accepting request 513652 from home:ndas:branches:network:vpn

- Updated to strongSwan 5.3.5 providing the following changes:
    *Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input
    validation when verifying RSA signatures. More specifically, mpz_powm_sec() has two
    requirements regarding the passed exponent and modulus that the plugin did not
    enforce, if these are not met the calculation will result in a floating point exception
    that crashes the whole process.
    This vulnerability has been registered as CVE-2017-9022.
    Please refer to our blog for details.
    *Fixed a DoS vulnerability in the x509 plugin that was caused because the ASN.1 parser
    didn't handle ASN.1 CHOICE types properly, which could result in an infinite loop when
    parsing X.509 extensions that use such types.
    This vulnerability has been registered as CVE-2017-9023.
    Please refer to our blog for details.
    *The behavior during IKEv2 CHILD_SA rekeying has been changed in order to avoid
    traffic loss. When responding to a CREATE_CHILD_SA request to rekey a CHILD_SA
    the responder already has everything available to install and use the new CHILD_SA.
    However, this could lead to lost traffic as the initiator won't be able to process
    inbound packets until it processed the CREATE_CHILD_SA response and updated the
    inbound SA. To avoid this the responder now only installs the new inbound SA and
    delays installing the outbound SA until it receives the DELETE for the replaced CHILD_SA.
    *The messages transporting these DELETEs could reach the peer before packets sent
    with the deleted outbound SAs reach it. To reduce the chance of traffic loss due
    to this the inbound SA of the replaced CHILD_SA is not removed for a configurable
    amount of seconds (charon.delete_rekeyed_delay) after the DELETE has been processed.
    *The code base has been ported to Apple's ARM64 iOS platform, which required several
    changes regarding the use of variadic functions. This was necessary because the calling
    conventions for variadic and regular functions are different there.
    This means that assigning a non-variadic function to a variadic function pointer, as we
    did with our enumerator_t::enumerate() implementations and several callbacks, will
    result in crashes as the called function accesses the arguments differently than the

OBS-URL: https://build.opensuse.org/request/show/513652
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=99
This commit is contained in:
Nirmoy Das 2017-08-01 07:21:05 +00:00 committed by Git OBS Bridge
parent d3507c65d4
commit 8cfc35877a
11 changed files with 275 additions and 76 deletions

View File

@ -0,0 +1,27 @@
From 4e16732c1c668c27e73574724d2d90537a74f67a Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 17 Jun 2016 18:19:48 +0200
Subject: [PATCH] ikev1: Don't retransmit Aggressive Mode response
These could theoretically be used for an amplified DDoS attack.
---
src/libcharon/sa/ikev1/task_manager_v1.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
index 48ec3e7..0912555 100644
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -770,8 +770,7 @@ static status_t build_response(private_task_manager_t *this, message_t *request)
continue;
case NEED_MORE:
/* processed, but task needs another exchange */
- if (task->get_type(task) == TASK_QUICK_MODE ||
- task->get_type(task) == TASK_AGGRESSIVE_MODE)
+ if (task->get_type(task) == TASK_QUICK_MODE)
{ /* we rely on initiator retransmission, except for
* three-message exchanges */
expect_request = TRUE;
--
2.13.2

View File

@ -0,0 +1,49 @@
iFrom ed282e9a463c068146c945984fdea7828e663861 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 29 May 2017 11:59:34 +0200
Subject: [PATCH] gmp: Fix RSA signature verification for m >= n
By definition, m must be <= n-1, we didn't enforce that and because
mpz_export() returns NULL if the passed value is zero a crash could have
been triggered with m == n.
Fixes CVE-2017-11185.
---
src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
index 32a72ac9600b..a741f85d4f62 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
@@ -78,11 +78,17 @@ static chunk_t rsaep(private_gmp_rsa_public_key_t *this, chunk_t data)
mpz_t m, c;
chunk_t encrypted;
- mpz_init(c);
mpz_init(m);
-
mpz_import(m, data.len, 1, 1, 1, 0, data.ptr);
+ if (mpz_cmp_ui(m, 0) <= 0 || mpz_cmp(m, this->n) >= 0)
+ { /* m must be <= n-1, but 0 is a valid value, doesn't really make sense
+ * here, though */
+ mpz_clear(m);
+ return chunk_empty;
+ }
+
+ mpz_init(c);
mpz_powm(c, m, this->e, this->n);
encrypted.len = this->k;
@@ -150,7 +156,7 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
*/
/* check magic bytes */
- if (*(em.ptr) != 0x00 || *(em.ptr+1) != 0x01)
+ if (em.len < 2 || *(em.ptr) != 0x00 || *(em.ptr+1) != 0x01)
{
goto end;
}
--
2.7.4

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2c84b663da652b1ff180a1a73c24a3d7b9fc4b9b8ba6bd07f94a1e33092e6350
size 4415297

View File

@ -1,14 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAABAgAGBQJWVtUVAAoJEN9CwXCzTbp3dpUL/j5Dio8w6LbKtCf4QRItnG2/
3U6apa56nxDWD3rpnN20OjSUzgulMIOjv/ZtRuruRPGWoFwrG6WzrsY/0ZrV929J
hSmEVuu6qgt/2i/OJdBUHfNGbhJ9JbTXGMxnWUp38mr4SasZlzHZAxbiKmnKXKtO
H5XebtVFR0/yNBPkv6wcJID/vFhJxfWpU2dblvVfSVo9VgV7lXkD0W+S++LJDTVo
PgV/a8NZEFswLIZCPct4i3QBYCDkCiS5MGlGCa+xltPYdLpwQUqhEBUkvF8yur7K
hnpT9cLk/gMSfFQmSOoN/31yx+ZSHTGR75QEh0pXRvo+oLJse7tw5/MJOHEJu+Hp
c/0iVL7qSIXbX5DBF3c03nG3ZdWcVQW32VEp//mC5yEpqFz28dlNSpVwWHLMym/D
kddiJjkZGCm7jBaPWTHSq2l8y9zdQzyHNNQ0HUpchUcpCn7B2nQO4tDSz3AFBECT
32LKSXnpRb7BAnIW/TZhZqWs1WzbQHogUF+wx+Rl6w==
=+fm3
-----END PGP SIGNATURE-----

3
strongswan-5.5.3.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c5ea54b199174708de11af9b8f4ecf28b5b0743d4bc0e380e741f25b28c0f8d4
size 4768820

View File

@ -0,0 +1,14 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAABAgAGBQJZK+1/AAoJEN9CwXCzTbp3vvAMAJ6SQBu+q41eol6inaXmD1k2
pwLgBYgMa/TG3dhvX2PxkpypratmYLY96GOy8WFP58/7z2gJL63SjCjN8MaNSZ7V
UemJD5sEqu3lKGhR+q3Vsz/7xTBWYJSNoE1m/AdwftR6oF0CcIQLgrkjQa1OiU71
SNqb2KFOafsSFicmhW44tdG9YFx56pzuoOgZhfDNEC9kMBKf7/rMpUeqAxsZah1I
fETj26gYKPMZAzFdZJvcVLMT70WaHkDU3Oo3/UfIKrucLm+uvYjcrzQnP00laLvx
LdgjuHXjXixrV92XzWCsa9Bbc39kmz2cBYlm6JPLfyON1x/DtUBdIoRcuO9y8nek
HAiO8rLG0vyQsbhiaW5TJ6wfR/uyNGhKCIyabU90Nmo0dzVMlb5ro/1q0XcQM5Dl
D4+FGErM3UdeDu0gj2klr1TyXwdOF6ZdlOtRBwRVH69mFz7o22Q6eGiw9o3Yf+9b
cJCpzSQXEgZybV8XSYOzGnY9cVeD4Il4FxgYuxViXg==
=9WTk
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,85 @@
-------------------------------------------------------------------
Mon Jul 31 18:30:28 CEST 2017 - ndas@suse.de
- Updated to strongSwan 5.3.5 providing the following changes:
*Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input
validation when verifying RSA signatures. More specifically, mpz_powm_sec() has two
requirements regarding the passed exponent and modulus that the plugin did not
enforce, if these are not met the calculation will result in a floating point exception
that crashes the whole process.
This vulnerability has been registered as CVE-2017-9022.
Please refer to our blog for details.
*Fixed a DoS vulnerability in the x509 plugin that was caused because the ASN.1 parser
didn't handle ASN.1 CHOICE types properly, which could result in an infinite loop when
parsing X.509 extensions that use such types.
This vulnerability has been registered as CVE-2017-9023.
Please refer to our blog for details.
*The behavior during IKEv2 CHILD_SA rekeying has been changed in order to avoid
traffic loss. When responding to a CREATE_CHILD_SA request to rekey a CHILD_SA
the responder already has everything available to install and use the new CHILD_SA.
However, this could lead to lost traffic as the initiator won't be able to process
inbound packets until it processed the CREATE_CHILD_SA response and updated the
inbound SA. To avoid this the responder now only installs the new inbound SA and
delays installing the outbound SA until it receives the DELETE for the replaced CHILD_SA.
*The messages transporting these DELETEs could reach the peer before packets sent
with the deleted outbound SAs reach it. To reduce the chance of traffic loss due
to this the inbound SA of the replaced CHILD_SA is not removed for a configurable
amount of seconds (charon.delete_rekeyed_delay) after the DELETE has been processed.
*The code base has been ported to Apple's ARM64 iOS platform, which required several
changes regarding the use of variadic functions. This was necessary because the calling
conventions for variadic and regular functions are different there.
This means that assigning a non-variadic function to a variadic function pointer, as we
did with our enumerator_t::enumerate() implementations and several callbacks, will
result in crashes as the called function accesses the arguments differently than the
caller provided them. To avoid this issue the enumerator_t interface has been changed
and the signature of the callback functions for enumerator_create_filter() and two
methods on linked_list_t have been changed. Refer to the developer notes below
for details.
*Adds support for fuzzing the certificate parser provided by the default plugins
(x509, pem, gmp etc.) on Google's OSS-Fuzz infrastructure (or generally with
libFuzzer). Several issues found while fuzzing these plugins were fixed.
*Two new options have been added to charon's retransmission settings:
retransmit_limit and retransmit_jitter. The former adds an upper limit to the
calculated retransmission timeout, the latter randomly reduces it.
Refer to Retransmission for details.
*A bug in swanctl's --load-creds command was fixed that caused unencrypted
private keys to get unloaded if the command was called multiple times.
The load-key VICI command now returns the key ID of the loaded key on success.
*The credential manager now enumerates local credential sets before global ones.
This means certificates supplied by the peer will now be preferred over certificates
with the same identity that may be locally stored (e.g. in the certificate cache).
*Adds support for hardware offload of IPsec SAs as introduced by Linux 4.11 for
specific hardware that supports this.
*The pki tool loads the curve25519 plugin by default.
[- 0006-Make-sure-the-modulus-is-odd-and-the-exponent-not-zero.patch,
- 0007-asn1-parser-Fix-CHOICE-parsing.patch]
- libhydra is removed as all kernel plugins moved to libcharon
- Fix RSA signature verification for m >= n (bsc#1051222 CVE-2017-11185)
[+ 0006-Fix-RSA-signature-verification-for-m.patch]
-------------------------------------------------------------------
Tue May 23 14:25:32 CEST 2017 - ndas@suse.de
- Applied patch for "Don't retransmit Aggressive Mode response"
bsc#985012.
- Applied upstream patch for "Insufficient Input Validation in gmp Plugin"
bsc#1039514(CVE-2017-9022).
- Applied upstream patch for "Incorrect x509 ASN.1 parser error handling"
bsc#1039515(CVE-2017-9023).
[+0005-ikev1-Don-t-retransmit-Aggressive-Mode-response.patch,
+0006-Make-sure-the-modulus-is-odd-and-the-exponent-not-zero.patch,
+0007-asn1-parser-Fix-CHOICE-parsing.patch]
-------------------------------------------------------------------
Mon Jul 4 12:00:00 UTC 2016 - doug@uq.edu.au

View File

@ -1,7 +1,7 @@
#
# spec file for package strongswan
#
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -17,7 +17,7 @@
Name: strongswan
Version: 5.3.5
Version: 5.5.3
Release: 0
%define upstream_version %{version}
%define strongswan_docdir %{_docdir}/%{name}
@ -82,6 +82,8 @@ Patch2: %{name}_ipsec_service.patch
Patch3: %{name}_fipscheck.patch
Patch4: %{name}_fipsfilter.patch
%endif
Patch5: 0005-ikev1-Don-t-retransmit-Aggressive-Mode-response.patch
Patch6: 0006-Fix-RSA-signature-verification-for-m.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: bison
BuildRequires: curl-devel
@ -289,9 +291,11 @@ and the load testing plugin for IKEv2 daemon.
%patch1 -p0
%patch2 -p0
%if %{with fipscheck}
%patch3 -p0
%patch3 -p1
%patch4 -p1
%endif
%patch5 -p1
%patch6 -p1
sed -e 's|@libexecdir@|%_libexecdir|g' \
< $RPM_SOURCE_DIR/strongswan.init.in \
> strongswan.init
@ -566,13 +570,14 @@ fi
%{_libexecdir}/ipsec/_fipscheck
%{_libexecdir}/ipsec/.*.hmac
%{_sbindir}/.ipsec.hmac
%endif
%files ipsec
%defattr(-,root,root)
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.conf
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.secrets
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/swanctl/swanctl.conf
%dir %{_sysconfdir}/swanctl
%dir %{_sysconfdir}/ipsec.d
%dir %{_sysconfdir}/ipsec.d/crls
%dir %{_sysconfdir}/ipsec.d/reqs
@ -584,6 +589,7 @@ fi
%dir %attr(700,root,root) %{_sysconfdir}/ipsec.d/private
%if %{with systemd}
%{_unitdir}/strongswan.service
%{_sysconfdir}/dbus-1/system.d/nm-strongswan-service.conf
%{_sbindir}/rcstrongswan
%else
%config %{_sysconfdir}/init.d/ipsec
@ -591,6 +597,7 @@ fi
%endif
%{_bindir}/pki
%{_sbindir}/ipsec
%{_sbindir}/swanctl
%{_mandir}/man1/pki*.1*
%{_mandir}/man8/ipsec.8*
%{_mandir}/man5/ipsec.conf.5*
@ -626,6 +633,8 @@ fi
%{strongswan_docdir}/AUTHORS
%{strongswan_docdir}/ChangeLog
%{_mandir}/man8/scepclient.8*
%{_mandir}/man5/swanctl.conf.5.*
%{_mandir}/man8/swanctl.8.*
%files libs0
%defattr(-,root,root)
@ -643,8 +652,11 @@ fi
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/scepclient.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/starter.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/tnc.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/swanctl.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/addrblock.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/aes.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/curve25519.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/vici.conf
%if %{with afalg}
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/af-alg.conf
%endif
@ -739,7 +751,10 @@ fi
%{strongswan_libdir}/libchecksum.so
%endif
%{strongswan_libdir}/libcharon.so.*
%{strongswan_libdir}/libhydra.so.*
%{strongswan_libdir}/libtpmtss.so.*
%{strongswan_libdir}/libtpmtss.so
%{strongswan_libdir}/libvici.so
%{strongswan_libdir}/libvici.so.*
%{strongswan_libdir}/libpttls.so.*
%{strongswan_libdir}/libradius.so.*
%{strongswan_libdir}/libsimaka.so.*
@ -842,6 +857,8 @@ fi
%{strongswan_plugins}/libstrongswan-xauth-generic.so
%{strongswan_plugins}/libstrongswan-xauth-pam.so
%{strongswan_plugins}/libstrongswan-xcbc.so
%{strongswan_plugins}/libstrongswan-curve25519.so
%{strongswan_plugins}/libstrongswan-vici.so
%dir %{strongswan_datadir}
%dir %{strongswan_templates}
%dir %{strongswan_templates}/config
@ -942,6 +959,8 @@ fi
%{strongswan_templates}/config/plugins/xauth-generic.conf
%{strongswan_templates}/config/plugins/xauth-pam.conf
%{strongswan_templates}/config/plugins/xcbc.conf
%{strongswan_templates}/config/plugins/curve25519.conf
%{strongswan_templates}/config/plugins/vici.conf
%{strongswan_templates}/config/strongswan.d/charon-logging.conf
%{strongswan_templates}/config/strongswan.d/charon.conf
%{strongswan_templates}/config/strongswan.d/imcv.conf
@ -950,6 +969,7 @@ fi
%{strongswan_templates}/config/strongswan.d/scepclient.conf
%{strongswan_templates}/config/strongswan.d/starter.conf
%{strongswan_templates}/config/strongswan.d/tnc.conf
%{strongswan_templates}/config/strongswan.d/swanctl.conf
%{strongswan_templates}/database/imv/data.sql
%{strongswan_templates}/database/imv/tables.sql

View File

@ -1,8 +1,10 @@
--- src/ipsec/_ipsec.in
+++ src/ipsec/_ipsec.in
@@ -44,6 +44,26 @@ export IPSEC_DIR IPSEC_BINDIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_SCR
diff --git a/src/ipsec/_ipsec.in b/src/ipsec/_ipsec.in
index ea399b8..ea8ed8a 100644
--- a/src/ipsec/_ipsec.in
+++ b/src/ipsec/_ipsec.in
@@ -46,6 +46,26 @@ IPSEC_DISTRO="Institute for Internet Technologies and Applications\nUniversity o
IPSEC_DISTRO="Institute for Internet Technologies and Applications\nUniversity of Applied Sciences Rapperswil, Switzerland"
command_dir="$IPSEC_DIR"
+fipscheck()
+{
@ -27,7 +29,7 @@
case "$1" in
'')
echo "$IPSEC_SCRIPT command [arguments]"
@@ -155,6 +175,7 @@ rereadall|purgeocsp|listcounters|resetcounters)
@@ -153,6 +173,7 @@ rereadall|purgeocsp|listcounters|resetcounters)
shift
if [ -e $IPSEC_CHARON_PID ]
then
@ -35,7 +37,7 @@
$IPSEC_STROKE "$op" "$@"
rc="$?"
fi
@@ -164,6 +185,7 @@ purgeike|purgecrls|purgecerts)
@@ -162,6 +183,7 @@ purgeike|purgecrls|purgecerts)
rc=7
if [ -e $IPSEC_CHARON_PID ]
then
@ -43,7 +45,7 @@
$IPSEC_STROKE "$1"
rc="$?"
fi
@@ -197,6 +219,7 @@ route|unroute)
@@ -195,6 +217,7 @@ route|unroute)
fi
if [ -e $IPSEC_CHARON_PID ]
then
@ -51,7 +53,7 @@
$IPSEC_STROKE "$op" "$1"
rc="$?"
fi
@@ -206,6 +229,7 @@ secrets)
@@ -204,6 +227,7 @@ secrets)
rc=7
if [ -e $IPSEC_CHARON_PID ]
then
@ -59,7 +61,7 @@
$IPSEC_STROKE rereadsecrets
rc="$?"
fi
@@ -213,6 +237,7 @@ secrets)
@@ -211,6 +235,7 @@ secrets)
;;
start)
shift
@ -67,7 +69,7 @@
if [ -d /var/lock/subsys ]; then
touch /var/lock/subsys/ipsec
fi
@@ -286,6 +311,7 @@ up)
@@ -289,6 +314,7 @@ up)
rc=7
if [ -e $IPSEC_CHARON_PID ]
then
@ -75,7 +77,7 @@
$IPSEC_STROKE up "$1"
rc="$?"
fi
@@ -325,6 +351,11 @@ esac
@@ -338,6 +364,11 @@ esac
cmd="$1"
shift
@ -84,6 +86,6 @@
+*) fipscheck || exit $? ;;
+esac
+
path="$IPSEC_DIR/$cmd"
path="$command_dir/$cmd"
if [ ! -x "$path" ]

View File

@ -5,11 +5,20 @@ Subject: [PATCH] strongswan: filter algorithms for fips mode
References: fate#316931,bnc#856322
From 818cd5f1b6455237a82f385b60a2513cdd9c5eef Mon Sep 17 00:00:00 2001
From: Nirmoy Das <ndas@suse.de>
Date: Mon, 17 Jul 2017 15:15:14 +0200
Subject: [PATCH] strongswan_fipsfilter
---
src/libcharon/config/proposal.c | 184 +++++++++++++++++++++++++++++++++++-----
1 file changed, 165 insertions(+), 19 deletions(-)
diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c
index e59dcd9..f07f4a2 100644
index 6c71f78..0640140 100644
--- a/src/libcharon/config/proposal.c
+++ b/src/libcharon/config/proposal.c
@@ -26,6 +26,11 @@
@@ -27,6 +27,11 @@
#include <crypto/prfs/prf.h>
#include <crypto/crypters/crypter.h>
#include <crypto/signers/signer.h>
@ -21,7 +30,7 @@ index e59dcd9..f07f4a2 100644
ENUM(protocol_id_names, PROTO_NONE, PROTO_IPCOMP,
"PROTO_NONE",
@@ -185,6 +190,122 @@ METHOD(proposal_t, strip_dh, void,
@@ -190,6 +195,122 @@ METHOD(proposal_t, strip_dh, void,
enumerator->destroy(enumerator);
}
@ -144,7 +153,7 @@ index e59dcd9..f07f4a2 100644
/**
* Select a matching proposal from this and other, insert into selected.
*/
@@ -502,6 +623,11 @@ static bool add_string_algo(private_proposal_t *this, const char *alg)
@@ -611,6 +732,11 @@ static bool add_string_algo(private_proposal_t *this, const char *alg)
return FALSE;
}
@ -156,7 +165,7 @@ index e59dcd9..f07f4a2 100644
add_algorithm(this, token->type, token->algorithm, token->keysize);
return TRUE;
@@ -643,6 +769,9 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
@@ -753,6 +879,9 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
enumerator = lib->crypto->create_aead_enumerator(lib->crypto);
while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
{
@ -165,8 +174,8 @@ index e59dcd9..f07f4a2 100644
+
switch (encryption)
{
case ENCR_AES_CCM_ICV8:
@@ -675,6 +804,9 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
case ENCR_AES_GCM_ICV16:
@@ -806,6 +935,9 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
enumerator = lib->crypto->create_crypter_enumerator(lib->crypto);
while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
{
@ -176,7 +185,7 @@ index e59dcd9..f07f4a2 100644
switch (encryption)
{
case ENCR_AES_CBC:
@@ -706,6 +838,9 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
@@ -850,6 +982,9 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
enumerator = lib->crypto->create_signer_enumerator(lib->crypto);
while (enumerator->enumerate(enumerator, &integrity, &plugin_name))
{
@ -185,8 +194,8 @@ index e59dcd9..f07f4a2 100644
+
switch (integrity)
{
case AUTH_HMAC_SHA1_96:
@@ -727,6 +862,9 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
case AUTH_HMAC_SHA2_256_128:
@@ -905,6 +1040,9 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
enumerator = lib->crypto->create_prf_enumerator(lib->crypto);
while (enumerator->enumerate(enumerator, &prf, &plugin_name))
{
@ -196,7 +205,7 @@ index e59dcd9..f07f4a2 100644
switch (prf)
{
case PRF_HMAC_SHA1:
@@ -747,6 +885,9 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
@@ -964,6 +1102,9 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
while (enumerator->enumerate(enumerator, &group, &plugin_name))
{
@ -206,7 +215,7 @@ index e59dcd9..f07f4a2 100644
switch (group)
{
case MODP_NULL:
@@ -795,6 +936,10 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
@@ -1004,6 +1145,10 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
{
private_proposal_t *this = (private_proposal_t*)proposal_create(protocol, 0);
@ -217,48 +226,58 @@ index e59dcd9..f07f4a2 100644
switch (protocol)
{
case PROTO_IKE:
@@ -805,25 +950,28 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
@@ -1014,31 +1159,32 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
}
break;
case PROTO_ESP:
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128);
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192);
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256);
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
- add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
+ fips_add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128);
+ fips_add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192);
+ fips_add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256);
+ fips_add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
+ fips_add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256);
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
+ fips_add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128);
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192);
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256);
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
- add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
+ fips_add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128);
+ fips_add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192);
+ fips_add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256);
+ fips_add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
+ fips_add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256);
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0);
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0);
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
+ fips_add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
break;
case PROTO_AH:
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
- add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
+ fips_add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
- add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0);
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0);
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
+ fips_add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
break;
default:
break;
}
+
+#undef fips_add_algorithm
+
return &this->public;
}
--
2.2.1
2.13.2